Smartphone malware rose by 400% in 2016, and touched an all-time high, with an estimated 8.5 million malicious installation packages in existence!
With mobility in the middle of a golden boom, it is no secret smartphones are in the crosshairs of cyber criminals. By October 2016, 1.35% of all mobile devices across the world had already succumbed to malware attacks, up from 1.06% in April 2016. With restricting mobile devices now no longer an option, here are some tips to keep your business safe, amidst the rising malware threat.
1. Monitor Usage
An enterprising cyber-attacker could exploit latent vulnerabilities in an app to take control of the device, and use it as a bot. The ready example is the Mirai botnet and the associated DDoS attacks, the most devastating attacks in 2016. Mirai turned computer systems into remotely controlled “bots,” primarily targeting devices such as remote cameras and home routers, and in the process exposing the latent vulnerabilities of the emerging Internet of Things.
Trying to prevent such infiltration is likely a losing battle. Android platforms, being open source, are very distributed with different manufacturers, operating system vendors, app vendors, handset makers, carriers, and other stakeholders in the mix. Malware can be slipped in at any point. Monitoring network activity using any of the available network monitoring or anti-malware tools could detect abnormal traffic, and pinpoint it to a source, offering an effective solution to the menace.
2. Update the OS Regularly
The focus of any respectable cyber-security strategy is to prevent the smart device getting compromised in the first place, rather than making amends after it is flawed. Keeping the operating system up-to-date is the first step towards this effort. One of the reasons Android and other operating systems issue updates regularly is, to offer patches for vulnerabilities that may have surfaced recently, and which cyber attackers may exploit. The situation is graver in Android OS than any other OS, considering devices with Android OS accounted for 81% of malware infections in the second half of 2016.
3. Be Careful of Downloads
Download apps only from trusted sources, preferably only the Google Play Store, Apple’s store, or the official store of the respective OS or enterprise. They have an approval process for accepting apps on the iTunes. If the app has gone viral and is around for while, it is likely to be safe. The user ratings and comments offer a good indication of the reliability of the app. Google’s “Bouncer” for instance scans for problem apps in the PlayStore. However, all these methods are not foolproof.
As far as possible, stay away from such third-party app stores, or any source outside the official app store. However, at times, downloading from such sources may become inevitable. In such an eventuality, perform a background check on the app developer. Seek out reviews of the app wherever possible as well. Always err on the side of caution.
Also, consider the permissions sought at the time of installation. In modern smartphones, each app has its own work environment and is unable to access other apps’ data. The extent of activity the app can do depends on the permission it is granted, to access the phone’s features and data. If the app asks for a permission it is unlikely to need to perform its intended function, it raises a huge red flag.
4. Use a VPN
Determined hackers are always on the prowl, and logging on to public Wi-Fi make oneself especially vulnerable. Hackers on the same network have several tools to snoop on user activity. Encrypting the connection using a virtual private network (VPN) is a safe practice when using public connections.
5. Deploy an Antivirus Suite
An antivirus suite may seem obsolete in smartphone’s where each app works in isolation, depending on the privileges it receives. However, a good antivirus suite still has its uses but not just offering antivirus protection, but scanning app activity. With smartphones being used extensively for browsing, such anti-virus suites scan for malicious URL and shields the phone. Many antivirus suites offer value-added features, such as blacklisting problem numbers, ability to PIN protect private apps, Wi-Fi scanning options for improved security, and more.
6. Have Precautions in Place
At times, even with the precautions, malware inevitably strike. The hacker may not even have to slip in the malware. Merely following the smartphone owner and stealing the smartphone during one careless moment may do the trick in accessing sensitive corporate data.
Deploying a lock screen, having a remote wipe feature activated to use in case the smartphone is lost or compromised, activating the remote track facility, limiting remote access to internal apps or programs that involve sensitive corporate data, and more are some of the other features to protect the data even if the smartphone itself is compromised.
Very often, the weakest link in the security chain is not the technology, but the people. Often it is the failure in basic security practices or lack of common sense from employees that throw open the door for hackers to make their entry. Training and awareness, even on those things considered too obvious, can never be underestimated.
Have a solid and comprehensive mobile device management (MDM) strategy which encompasses and integrates all facets of security. Whether it is building state of the art cutting edge apps, with solid inbuilt security features, or instituting and deploying a company-wide security policy, we have the experience and expertise to do it and make an ideal partner for all your requirements.